daniel:// stenberg://

17 hours ago

daniel:// stenberg://
17 hours ago

We are at *twenty* hackerone submissions for #curl so far this year. Zero of them a confirmed vulnerability.

#curl

This entry was edited (17 hours ago)

in reply to daniel:// stenberg:// 17 hours ago

Shld I submit a #hackerone submission for #curl, identifying hackerone as a DoS attack vector for the project, recommending depreciation?

#curl #hackerone

in reply to daniel:// stenberg:// 16 hours ago

was there at least one "could be seen as a bug if you squint hard enough"?

in reply to Edvin Malinovskis 15 hours ago

yes, several of them were bugs in fact

in reply to daniel:// stenberg:// 15 hours ago

that screams for a new graph: "average number of hackerone submissions to the curl project per day". :)

in reply to JP Mens

in reply to JP Mens 15 hours ago

I foolishly thought *per year* would be the appropriate time frame: curl.se/dashboard1.html#hacker… (the graph hasn't updated yet)

^curl.se

This entry was edited (15 hours ago)

in reply to daniel:// stenberg:// 15 hours ago

Wasn’t 📈exponential growth📈 what every project was hoping to achieve?!

Maybe it should be mandatory that the HackerOne submission must be done with `curl -X PUT … `, including BearerTokens/OAuth etc?

⇧